locals {
  secgroups = {
    vsg_devops = {
      name             = "vsg-dev-baidu_hub-devops"
      description      = "vsg-dev-baidu_hub-devops"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22"
      remote_ip_prefix = "0.0.0.0/0"
    }
    vsg_cce_myapp = {
      name             = "vsg-dev-baidu_hub-cce-myapp"
      description      = "vsg-dev-baidu_hub-cce-myapp"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,30000-32767"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_web = {
      name             = "vsg-dev-baidu_hub-ecs-web"
      description      = "vsg-dev-baidu_hub-ecs-web"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,80,443"
      remote_ip_prefix = "172.16.0.0/24"

    }
    vsg_voip = {
      name             = "vsg-dev-baidu_hub-ecs-voip"
      description      = "vsg-dev-baidu_hub-ecs-voip"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "1-65535"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_miniapp = {
      name             = "vsg-dev-baidu_hub-ecs-miniapp"
      description      = "vsg-dev-baidu_hub-ecs-miniapp"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "1-65535"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_mysql = {
      name             = "vsg-dev-baidu_hub-db-mysql"
      description      = "vsg-dev-baidu_hub-db-mysql"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,3306"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_redis = {
      name             = "vsg-dev-baidu_hub-db-redis"
      description      = "vsg-dev-baidu_hub-db-redis"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,6379"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_mongodb = {
      name             = "vsg-dev-baidu_hub-db-mongodb"
      description      = "vsg-dev-baidu_hub-db-mongodb"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,27017-27019,28017-28019,8635"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_elasticsearch = {
      name             = "vsg-dev-baidu_hub-db-elasticsearch"
      description      = "vsg-dev-baidu_hub-db-elasticsearch"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,9001,9200,9300,9500,9601"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_kafka = {
      name             = "vsg-dev-baidu_hub-db-kafka"
      description      = "vsg-dev-baidu_hub-db-kafka"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,2181,8081-8083,9092,9093"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_zookeeper = {
      name             = "vsg-dev-baidu_hub-db-zookeeper"
      description      = "vsg-dev-baidu_hub-db-zookeeper"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,2181,2888,3888,8080,2869"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_rabbitmq = {
      name             = "vsg-dev-baidu_hub-db-rabbitmq"
      description      = "vsg-dev-baidu_hub-db-rabbitmq"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "22,5671,5672,15672,61613,61614,1883,8883,25672,35672"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_sfs = {
      name             = "vsg-dev-baidu_hub-db-sfs"
      description      = "vsg-dev-baidu_hub-db-sfs"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "1-65535"
      remote_ip_prefix = "172.16.0.0/24"
    }
    vsg_natgateway = {
      name             = "vsg-dev-baidu_hub-db-natgateway"
      description      = "vsg-dev-baidu_hub-db-natgateway"
      direction        = "ingress"
      ethertype        = "IPv4"
      action           = "allow"
      protocol         = "tcp"
      ports            = "1-65535"
      remote_ip_prefix = "172.16.0.0/24"
    }
  }
}


module "vsg" {
  source   = "../../../modules/vsg"
  for_each = local.secgroups

  name        = each.value.name
  description = each.value.description

  direction             = each.value.direction
  ethertype             = each.value.ethertype
  protocol              = each.value.protocol
  action                = each.value.action
  ports                 = each.value.ports
  remote_ip_prefix      = each.value.remote_ip_prefix
  enterprise_project_id = var.enterprise_project_id
}
